Re: Other possible protection against RST/SYN attacks (was Re: TCP RST attack

From: Tillman Hodgson (tillman_at_seekingfire.com)
Date: 04/21/04

  • Next message: Charles Swiger: "Re: Other possible protection against RST/SYN attacks (was Re: TCP RST attack"
    Date: Wed, 21 Apr 2004 15:44:45 -0600
    To: freebsd-security@freebsd.org
    
    
    

    On Wed, Apr 21, 2004 at 05:18:26PM -0400, Gary Corcoran wrote:
    > Charles Swiger wrote:
    > >The default TTL gets decremented with every hop, which means that a
    > >packet coming in with a TTL of 255 had to be sent by a directly
    > >connected system. [ip_ttl is an octet, so it can't hold a larger TTL
    > >value.]
    >
    > Huh? 255-- == 254, not 0. A TTL of 255 just allows the maximum possible
    > number of hops, before being declared hopelessly lost.

    Exactly -- if you see an incoming packet with a TTL of 255, it must've
    originated on a directly connected system /or it would've already been
    decremented to 254 or lower/.

    -T

    -- 
    "Beware of he who would deny you information, for in his heart he dreams
    himself your master."
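The check discussed in this thread, as an added example that is not part of the original messages: a filter that lets a SYN or RST through only if the IPv4 TTL is still 255 on arrival. It assumes the peer is directly connected and sends with an initial TTL of 255; the function names and the sample packets are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PROTO_TCP    6
#define TCP_FLAG_SYN 0x02
#define TCP_FLAG_RST 0x04
enum verdict { V_PASS, V_DROP_TTL, V_MALFORMED };

/* Hypothetical helper: verdict for one raw IPv4 packet from a peer that is
 * assumed to be on-link and to send with TTL 255. */
enum verdict ttl255_check(const uint8_t *pkt, size_t len)
{
    if (len < 20 || (pkt[0] >> 4) != 4)
        return V_MALFORMED;
    size_t ihl = (size_t)(pkt[0] & 0x0f) * 4;        /* IP header length */
    if (ihl < 20 || len < ihl)
        return V_MALFORMED;
    if (pkt[9] != PROTO_TCP)
        return V_PASS;                               /* not TCP: out of scope */
    if ((((pkt[6] << 8) | pkt[7]) & 0x1fff) != 0)
        return V_PASS;                               /* later fragment: no TCP header */
    if (len < ihl + 14)
        return V_MALFORMED;                          /* TCP flags byte missing */
    uint8_t ttl = pkt[8], flags = pkt[ihl + 13];
    /* A sender can pick any initial TTL, but every router on the path
     * decrements it, so a value of 255 on arrival means zero hops. */
    if ((flags & (TCP_FLAG_SYN | TCP_FLAG_RST)) && ttl != 255)
        return V_DROP_TTL;
    return V_PASS;
}

/* Constructed sample: minimal 40-byte IPv4+TCP packet, checksums left zero. */
size_t make_sample(uint8_t *buf, uint8_t ttl, uint8_t tcp_flags)
{
    memset(buf, 0, 40);
    buf[0] = 0x45;                                   /* version 4, IHL 5 */
    buf[3] = 40;                                     /* total length */
    buf[8] = ttl;
    buf[9] = PROTO_TCP;
    buf[32] = 0x50;                                  /* TCP data offset 5 */
    buf[33] = tcp_flags;
    return 40;
}

int main(void)
{
    uint8_t b[40];
    printf("RST ttl=255 -> %d\n", ttl255_check(b, make_sample(b, 255, TCP_FLAG_RST)));
    printf("RST ttl=254 -> %d\n", ttl255_check(b, make_sample(b, 254, TCP_FLAG_RST)));
    return 0;
}
```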
    
    


